Snort behind an initial firewall
cjbujold last edited by
Trying to configure Snort on pfSense when the pfSense box is behind an initial firewall.
The setup is: the ISP Internet connection comes into a first router, and some Internet traffic is directed to the pfSense box hosting Snort. Essentially, the pfSense box is receiving the Internet via a 192.168.172.4 WAN connection and a 192.168.172.100 gateway to the pfSense box/LAN, which is 192.168.30.1.
The issue is Snort blocks the traffic from 192.168.172.100 since, I presume, it thinks it is an invalid IP. How can I tell Snort to accept all traffic from this IP and gateway, but to check it and not lock out the gateway in the process?
When I turn on Snort it blocks the gateway with various rules coming or going out to an Internet address.
Thanks for the help!
jonesr last edited by
With the timing of your post, it may have nothing to do with being a rear firewall - http://forum.pfsense.org/index.php/topic,60329.45.html
Many found their WAN IPs blocked regardless of whether they were whitelisted. Uninstall and reinstall seems to fix the problem.